1. Field of the Invention
The present invention relates to a method for secure data exchange between a base station and a transponder, particularly a passive or semipassive, backscatter-based transponder, whereby an access password of the transponder is subdivided into a first identification and a second identification, which are transmitted successively during transmission of the access password by the base station to the transponder. The invention relates further to a transponder and to a system for secure data exchange.
2. Description of the Background Art
A method for secure data exchange may be implemented in an access control method. Access control methods of this type are used, for example, in contactless identification systems or so-called Radio Frequency Identification (RFID) systems. This type of system typically includes a base station or a reader or a reader unit and a plurality of transponders or remote sensors, which are located simultaneously in the response range of the base station. The transponders or their transmitting and receiving devices typically do not have an active transmitter for data transmission to the base station. Such inactive systems are called passive systems when they do not have their own power supply, and semipassive systems when they have their own power supply. Passive transponders draw the power necessary for their supply from the electromagnetic field emitted by the base station.
Backscatter coupling is employed, as a rule, for data transmission from a transponder to a base station with UHF or microwaves in the far field of the base station. To that end, the base station emits electromagnetic carrier waves, which are modulated and reflected by the transmitting and receiving device of the transponder by means of a modulation method in accordance with the data to be transmitted to the base station. The typical modulation methods for this are amplitude modulation, phase modulation, and amplitude shift keying (ASK) subcarrier modulation, in which the frequency or the phase position of the subcarrier is modified.
An access control method for transponders is described in the draft standard ISO/IEC_CD 18000-6C of 7 Jan. 2005. The transponder in this case is first selected in a selection or arbitration process from a number of transponders. The described selection process is a stochastic process in the form of a slot-based ALOHA protocol. Selection methods of this kind are described in detail, for example, in the handbook by Klaus Finkenzeller, RFID-Handbuch (RFID Handbook), 3rd ed., HANSER, 2002.
The draft standard specifies that access commands and associated routines can be implemented in base stations and/or transponders. The access command in this case is a defined 8-bit sequence. By means of the access command, the base station requests read and/or write access to a password-protected region of the transponder. A base station and a transponder have symmetric (access) passwords for password protection. According to the draft standard, the symmetric access password is a 32-bit password. For read and/or write access to a password-protected transponder and/or a password-protected subregion of the transponder, two access data sequences or access messages are transmitted from the base station to the transponder. The two access data sequences or access messages comprise the access command and a first sub-password or a second sub-password. The first sub-password in this case corresponds to a first half of the symmetric password. The second sub-password corresponds to a second half of the symmetric password.
To prevent a third party from intercepting the access passwords during transmission in the forward link or forward channel, i.e., during transmission from the base station to the transponder, the sub-passwords are each encrypted with a random number. For this purpose, it is provided that the transponder has suitable means for generating a random number and transmits this number upon request to the base station. To increase security, encrypting both sub-passwords with the same random number is to be avoided.
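The two-message access exchange described above, as an added sketch that is not part of the original text. It assumes the encryption is a bitwise XOR with a 16-bit random number (the text says only that each sub-password is encrypted with a random number); the `Transponder` class and all function names are hypothetical. It also shows why reusing one random number for both sub-passwords is to be avoided.

```python
import secrets

def split_password(access_password):
    """Split the 32-bit access password into its first and second 16-bit halves."""
    if not 0 <= access_password < 1 << 32:
        raise ValueError("access password must fit in 32 bits")
    return access_password >> 16, access_password & 0xFFFF

def cover(value, random_number):
    """Assumed cipher: XOR with a 16-bit random number (it is its own inverse)."""
    return (value ^ random_number) & 0xFFFF

class Transponder:
    """Hypothetical tag model: issues random numbers and checks both access messages."""
    def __init__(self, access_password, rng=lambda: secrets.randbits(16)):
        self._halves = split_password(access_password)
        self._rng = rng
        self._pending = None   # random number issued for the next access message
        self._matched = 0      # sub-passwords accepted so far
        self.access_granted = False

    def request_random(self):
        self._pending = self._rng()
        return self._pending

    def access(self, frame):
        if self._pending is None:          # no fresh random number was requested
            self._matched = 0
            return False
        sub_password = cover(frame, self._pending)
        self._pending = None               # each random number is used only once
        if sub_password != self._halves[self._matched]:
            self._matched = 0
            return False
        self._matched += 1
        if self._matched == 2:
            self.access_granted, self._matched = True, 0
        return True

def base_station_access(tag, access_password):
    """Send both access messages; return the frames visible on the forward channel."""
    frames = []
    for half in split_password(access_password):
        frame = cover(half, tag.request_random())
        tag.access(frame)
        frames.append(frame)
    return frames

def forward_channel_leak(frames):
    """XOR of the two frames; equals half1 ^ half2 whenever the random number repeats."""
    return frames[0] ^ frames[1]
```

With a fresh random number per message the XOR of the two frames is itself random; with a repeated number it is fixed by the password alone, so a forward-channel listener learns a relation between the two halves without ever seeing the random number.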
Instead of the access password, a kill password stored in the transponder according to the draft standard can also be transmitted by a similar method. The kill command permanently shuts down (kills) the transponder according to the draft standard.
Symmetric passwords must be made known to all involved companies for access to the transponder. They must furthermore be made known to companies that set up the transponders. A known approach to close the resulting security gaps is the inclusion of a hash function in the method. In so doing, only a hash value of the first sub-password and/or the second sub-password is stored in the transponder. The transponder has means by which a hash value of a received password can be determined and compared with the stored value.
The base station usually transmits at a high level, so that a listener can listen to the wireless data transmission from the base station to the transponder over great distances, for example, within a radius of a kilometer. Security of the forward channel is therefore especially important. The (sub-)passwords are therefore transmitted encrypted in the forward channel as described above.
Known methods for requesting read and/or write access to a transponder, however, provide no security in the return link or backward channel, i.e., the data transmission from the transponder to the base station.